An integrated circuit (IC) chip having a financial function in, for example, a smart card that has recently been used as a credit card is used as a payment method in lieu of cash due to easiness of management and convenience in use.
Despite such easiness of management and convenience in use, issues associated with the IC chip having the financial function, for example, physical card reproduction and card number hacking, are occasionally reported, and thus performing a more reliable user authentication process is required.
The user authentication process may be performed by verifying a personal identification number (PIN) that is unique information of a user or a password that is set directly by a user, at a point in time when a payment is made. However, when performing the user authentication process by allowing an external terminal to access a smart card chip, the smart card may be exposed to a risk of being hacked.
For example, during the access to the smart card chip by the external terminal, a hacking attack may be made from an external source, and may cancel or hinder the user authentication process. Thus, a third party who is not a real holder of the smart card may steal the smart card without the user authentication process and use the stolen smart card.
As described in the foregoing, in an existing user authentication method, there may be a risk of cancelling or invalidating user authentication by a security accident such as, for example, a hacking attack.